<?php
class RbacCommand extends CConsoleCommand
{
    private $_authManager;
    public function getHelp()
    {
        $description = "DESCRIPTION\n";
        $description .= ' '."This command generates an initial RBAC authorization hierarchy.\n";
        return parent::getHelp() . $description;
    }

    /**
     * The default action - create the RBAC structure.
     */
    public function actionIndex()
    {
        $this->ensureAuthManagerDefined();
        //provide the oportunity for the use to abort the request
        $message = "This command will create three roles: Admin, User, and Guest\n";
        $message .= " and the following permissions:\n";
        $message .= "create, read, update and delete user\n";

        $message .= "Would you like to continue?";

        if($this->confirm($message))
        {
            $this->_authManager->clearAll();

            $this->_authManager->createOperation("createUser","create a new user");
            $this->_authManager->createOperation("updateUser","update a users in-formation");
            $this->_authManager->createOperation("deleteUser","remove a user from a project");
            $this->_authManager->createOperation("readUser","read user profile");

            $this->_authManager->createOperation("readComment","read comment");
            $this->_authManager->createOperation("createComment","create comment");
            $this->_authManager->createOperation("updateComment","update comment");
            $this->_authManager->createOperation("deleteComment","delete comment");

            $this->_authManager->createOperation("readArticle","read article");
            $this->_authManager->createOperation("createArticle","crate article");
            $this->_authManager->createOperation("updateArticle","update article");
            $this->_authManager->createOperation("deleteArticle","delete article");

            $this->_authManager->createOperation("readCategory","read category");
            $this->_authManager->createOperation("createCategory","create category");
            $this->_authManager->createOperation("updateCategory","update category");
            $this->_authManager->createOperation("deleteCategory","delete category");

            $task1 = $this->_authManager->createTask('manageUsers');
            $task1->addChild("readUser");
            $task1->addChild("createUser");
            $task1->addChild("updateUser");
            $task1->addChild("deleteUser");


            $task2 = $this->_authManager->createTask('manageComments');
            $task2->addChild("readComment");
            $task2->addChild("createComment");
            $task2->addChild("updateComment");
            $task2->addChild("deleteComment");

            $task3 = $this->_authManager->createTask('manageArticles');
            $task3->addChild("readArticle");
            $task3->addChild("createArticle");
            $task3->addChild("updateArticle");
            $task3->addChild("deleteArticle");

            $task4 = $this->_authManager->createTask('manageCategories');
            $task4->addChild("readCategory");
            $task4->addChild("createCategory");
            $task4->addChild("updateCategory");
            $task4->addChild("deleteCategory");

            $u_role=$this->_authManager->createRole("user");
            $u_role->addChild("createComment");


            $a_role=$this->_authManager->createRole("admin");
            $a_role->addChild('manageUsers');
            $a_role->addChild('manageArticles');
            $a_role->addChild('manageCategories');

            //assign admin role
            $this->_authManager->assign('admin',1);

            //provide a message indicating success
            echo "Authorization hierarchy successfully generated.\n";
        }
        else
            echo "Operation cancelled.\n";
    }

    public function actionDelete()
    {
        $this->ensureAuthManagerDefined();
        $message = "This command will clear all RBAC definitions.\n";
        $message .= "Would you like to continue?";
        //check the input from the user and continue if they indicated
        //yes to the above question
        if($this->confirm($message))
        {
            $this->_authManager->clearAll();
            echo "Authorization hierarchy removed.\n";
        }
        else
            echo "Delete operation cancelled.\n";
    }
    protected function ensureAuthManagerDefined()
    {
        //ensure that an authManager is defined as this is mandatory for creating an auth heirarchy
        if(($this->_authManager=Yii::app()->authManager)===null)
        {
            $message = "Error: an authorization manager, named 'authManager' must be con-figured to use this command.";
            $this->usageError($message);
        }
    }
}